Penetration Testing

Warning

You should never try to interfere with someone else’s system, illegally. Most likely, you will be caught. Getting into a system is the easy part! Bypassing IDS/IPS and the various alerting is where greater skill comes in to play. Everything has vulnerabilities, everything!

When you are caught, you will be prosecuted. Even if you “win” the court battle, you’ll be out the attorney fees and garbage fines that they will throw at you. Hack your own systems only OR get it in writing from your client that you will be doing a penetration test and let them know what that involves. We are not advocating that you use any technique we publish now or in the future to any illegal purpose.

Learn Pen Testing for Free

If you want to learn safely, and legally download MetaSploit, OWASPBWA, DVWA or other systems designed for the purpose of legal pen testing practice. You can even build your own vulnerable system to test various hacks using free versions of VmWare and use the suite of tools from Kali or Back Box, all of which is free.

With that said (now you have no excuse for doing pentests/hacks illegally), don your black hoodie, pour your caffeinated beverage of choice and engage in the following activities when you are legally able to do so using a combination of social engineering and technical prowess to help your clients secure their data using a variation of the PTES technical guideline:

Pre-engagement Interactions

what does client want to verify is safe/visible? Figure out what problems you are solving.

Intelligence Gathering

gather basic reconnaissance from public and private sources

Initial Foothold

social engineering and basic, more intrusive analysis

Enumerations

scan and look for vulnerabilities

Local Privilege Escalation

access one of the vulnerabilities you found

Backdoor Persistence

install rootkits and other persistence vectors

Domain Privilege Escalation

look for a domain admin or other higher level account

Post Exploitation/Data Dumps

dump domain hashes or other data as per client requests

Data Identification/Exfiltration

sort through and make sense of your data grabs

Reporting

make the pretty reports that all the clients like

Popular Commercial Applications

When you end up working for a red team and get contracts to ethically hack a client’s resources, you will eventually come across the many flavors of commercial tool kits, such as:

Burp Suite

Canvas

Cobalt Strike

Core Impact

Nessus

Nexpose

To that end, here are a few articles on basic penetration testing techniques that will help with the various steps of white hat, ethical hacking for your clients:

View http headers with wget to see things like Apache server response codes and more.
There are many tools that will allow you to see HTTP headers, such as: curl, fiddler, httpwatch, postman, tcpdump, snoop, and wireshark to name a few. If you don’t have the option to install these, wget ...

SSH tunnels are like a poor man’s VPN. You can create an encrypted channel, then pass data over that channel. One of the most common things to pass over an SSH Tunnel is web browsing data (SOCKs Proxy).
Basically you will create a SSH Tunnel from your client to a remote server. ...